Check Point boss looks beyond 'weapons' for security defence

Interview De-perimiterisation and the move to cloud computing will not alter the central place the firewall occupies in corporate security architectures, according to Check Point chief exec Gil Shwed.

Check Point is advocating a three-phase strategy of security policy enforcement centred around the firewall, user education and enforcement as a means of reducing costs while improving security for corporates. The technology part of this combination comes from Check Point in the form of the latest version of its firewall platform – the R75 – and software blades to carry out functions such as URL-blocking or intrusion prevention.

Check Point is pushing the architecture as a means for customers to reduce the number of point products they support. "Having 10 different types of weapons is useless unless you have a strategy for what you want to do," Shwed, who founded Check Point shortly after leaving an elite technology unit of the Israeli army, told El Reg at a conference last week.

Cornerstone

Simplification to save costs is a sound enough idea but we questioned whether the firewall – rather than systems management or logging technology – was the right hub for information security.

"Our technology is broader than just a firewall but it's a great platform," Shwed told El Reg. "Management software collects and presents information, but it's not the best place to manage security policy.

"Years ago I thought systems management firms would become either competitors or partners but this never happened. Managing a system and event analysis, which is what the likes of Tivoli and HP do, is different from developing and enforcing a security policy," he said.

Although Shwed said that Check Point is seeing "nice growth from its core market" of firewalls, it is also trying to get into adjacent security markets, sometimes by acquisition. The company wants to stay focused as a pure-play information security supplier.

Questions in Congress

Check Point could hardly be described as acquisitive, especially in comparison to the likes of Symantec and McAfee, and we wondered whether its abandoned bid to buy Sourcefire back in 2005 had anything to do with this. The Israeli firm's plans to buy the intrusion-prevention pioneer for $225m were withdrawn after it became clear that US authorities would attempt to block the acquisition.

The Committee on Foreign Investments in the US had concerns about a foreign firm getting hold of technology used to protect US government systems.

Shwed said a deal might have been agreed, but only if Check Point had agreed to US government terms that didn't suit its interests and agreed to turn over source code for its technology, a move he was loathe to make. "We've done four different acquisitions in the US since then," he said. "The reason there was concern about Sourcefire was down to a bad coincidence. The Port of Dubai was buying US ports at around the same time. Both deals got blocked, but the US Congress eventually approved the Dubai deal."

Rather than deal with the uncertain and undoubtedly delayed outcome of the deliberations of US politicians, Check Point walked away from the deal. It eventually got into the intrusion-prevention market with the purchase of NFR, another US developer, a year later.

Cyber-intrigue and the Stuxnet worm

The concerns expressed by politicians over security deals have been heightened by the perceived increase in threats stemming from government agencies as well as criminal hackers, particularly over the last two years or so.

The Operation Aurora attacks against Google and other high-tech firms last year, to say nothing of targeted attacks against finance agencies in France and EU ministries more recently, go a long way toward explaining why BT's decision to source its kit from Chinese supplier Huawei raises concerns about possible backdoor snooping.

We wondered whether the publicity about the recent Stuxnet worm, a sophisticated and targeted worm blamed for sabotaging Iranian nuclear power plant control systems, might make it more difficult for Check Point to do business. Nobody knows for sure, but Stuxnet is widely rumoured to be a joint US-Israeli operation.

It's possible to think Check Point, whose founders started their careers in the Israeli army, might encounter the same sort of concerns from politicians as have been raised by Huawei, which was founded by a former Chinese PLA officer. Shwed said such concerns are misplaced, and stem from a misunderstanding of Check Point's history.

"We established Check Point as a civilian firm with no ties to the military and not based on government contracts," Shwed said.

"The Israeli government doesn't share with us what it's doing and we don't ask. We'd like to think if it had elite people trying to compromise firewalls that the last one it would compromise would be ours but that's more because it wouldn't be an easy target rather than any sense of patriotism."

Shwed concluded by saying that the threat landscape was changing with the increased prevalence of targeted attacks – a development he described as "unsurprising". Government-sourced attacks might be either more sophisticated or less sophisticated than those attempted by criminal hackers, Shwed said, adding that the tendency would be towards more sophisticated assaults that require a different approach than simply applying a new security gizmo.

"You don't need an anti-Stuxnet or anti-Aurora product, you need a security strategy," he concluded. ®